AI Pulse Daily Brief | 2026-05-01
Reading time ~9 mins
- ING confirms agentic AI mortgages live in Dutch production — first Dutch peer at scale.
- Three AI security incidents land together: PR-comment prompt injection on Claude Code/Copilot, an unfixed MCP design flaw, and an OAuth-cascade Vercel breach via Context AI.
- EU AI Act Omnibus trilogue collapsed; the August 2026 high-risk deadline is intact and Dutch consultation closes 1 June.
- DNB migrates off US hyperscalers; AFM warns Dutch asset managers their AI use is outpacing governance.
- McKinsey, Grant Thornton, Lenovo and MIT Sloan converge: governance and operating model — not technology — is the live constraint on AI value.
Top signal
ING confirms agentic AI mortgages live in production across the Netherlands. Corporate
Signal: ING's Q1 2026 results on 30 April reported agentic AI running mortgage origination data-gathering and credit checks in live Dutch production, with Germany next; COO Marnix van Stiphout cited 90% pilot-to-production versus a 30% industry average and 25% productivity gains where AI enters operations.
Relevance: A direct Dutch peer has crossed mortgage origination from pilot to production while most of the sector is still scoping — exactly the channel where the comparison is visible to customers, brokers and DNB.
Consider: Mortgage product, customer-channel and operations leads should book a board-level read-across in the next two weeks — which ING components (centralised AI platform, 140-control governance checklist, advisor-in-the-loop split) the bank can adopt within the existing risk framework.
Security
A pull-request comment can make Claude Code, Gemini CLI and GitHub Copilot exfiltrate API keys from CI/CD pipelines. Media
Signal: Researchers published "Comment and Control" on 16 April; opening a PR with a malicious title fires AI coding-assistant agents to leak environment secrets without victim interaction. Anthropic graded it critical and paid $100; GitHub treated it as an architectural limitation and paid $500.
Relevance: All three named tools are in active developer use across Dutch banks, including documented evaluation at Rabobank, and the trigger fires automatically on PR events — meaning a third-party contributor or compromised account fires it without crossing any bank-controlled checkpoint.
Consider: Developer-tooling and AppSec leads should this fortnight check whether AI agents on the bank's GitHub repositories see the same secrets as the CI build, sandbox PR-comment content before agent ingestion, and add a vendor-disclosure expectation to the AI-agent procurement template.
Anthropic declines to fix a design flaw in Model Context Protocol — the open standard banks use to connect AI agents to internal tools — and the issue lands as a DORA third-party risk. Media
Signal: An architectural flaw confirmed across 7,000+ public servers and 150 million downloads with eleven vulnerability filings. Anthropic, the protocol's author, declines to modify the design and characterises the behaviour as expected; described attack types include resource-exhaustion loops and arbitrary code execution via tool poisoning.
Relevance: For banks running agentic AI on this protocol, an unpatched, vendor-acknowledged-by-design weakness in a third-party ICT service falls under DORA Article 28 — it requires documented compensating controls and concentration-risk treatment in the third-party register, not a patch wait.
Consider: The DORA/ICT third-party-risk owner should confirm by end of May that any internal or vendor agentic AI deployment using MCP is mapped as a discrete ICT service with compensating controls written down.
A Lumma Stealer infection at the AI vendor Context AI gave attackers OAuth tokens that breached Vercel's internal database, listed for $2 million. Media
Signal: Trend Micro and OX Security documented on 19 April that Vercel's database was breached in February via Lumma Stealer malware on a Context AI employee — the AI productivity assistant they had connected to corporate login. The dataset is now offered for $2m on BreachForums; this is the third OAuth-cascade incident through an AI vendor in recent weeks.
Relevance: The compromise path was the small AI tool an employee had trusted with single-sign-on, not the model provider. Every additional AI integration that holds an OAuth token to a bank-owned system widens the surface beyond the AI vendor's own perimeter.
Consider: The third-party AI-vendor security lead should request OAuth-scope evidence and infostealer-exposure attestations from any AI integration that holds admin-tier or database-level access in the bank's tenant, and tighten scope where residual permissions exceed published features.
Regulatory
EU AI Act Omnibus trilogue collapsed after 12 hours; the 2 August 2026 high-risk deadline is legally intact and the next round is around 13 May. Authority
Signal: The 28 April trilogue between Parliament, Council and Commission on the Digital Omnibus — which would have shifted the high-risk Annex III date from 2 August 2026 to 2 December 2027 — failed without political agreement, blocked by the Annex I sectoral-safety carve-out. The next session is provisional for 13 May 2026.
Relevance: Several institutions had been quietly relaxing AI Act compliance pace on the assumption the Omnibus would deliver an extension; that assumption no longer holds, and any preparation slowdown taken in the past month must be reversed.
Consider: AI governance and legal leads should brief the Managing Board this week on whether the bank's Article 6/Annex III readiness work is on the August 2026 path or the deferred path, and prepare a dual-scenario position note for 13 May.
European Parliament Legislative Train
AFM warned that AI use in Dutch asset management is outpacing governance controls and signalled supervisory follow-up. Authority
Signal: AFM published "AI in the Dutch asset management sector" on 7 April based on a survey of 323 managers — 53% use AI or plan to within a year, 25% have no AI policy at all, only 28% have a formal generative-AI policy — and named data quality, algorithmic bias, limited explainability and vendor concentration as its four priority risks.
Relevance: AFM is publishing the same gap profile DNB will reference in supervisory dialogue, and the bank's asset-management arm sits squarely in the supervised population. The implicit benchmark for "adequate" AI governance is now in writing.
Consider: The asset-management compliance lead should map the four AFM priority risks against the existing AI inventory before the next AFM dialogue — surfaces internally whatever gap AFM will surface externally.
Perspectives
Accenture's Julie Sweet says her firm tied every promotion to AI fluency, took a $923m restructuring charge and trained 500,000 employees. CxO voice
Signal: In a Fortune interview on 29 April, the Accenture CEO described dismantling her own 2019 operating model to make the firm "AI native": every promotion is contingent on demonstrated AI fluency, the restructuring carried a $923m charge, and the firm invests roughly $1bn a year in workforce development across 786,000 people.
Relevance: Sweet is reporting a P&L cost the bank can compare to its own, not pitching a vendor product. Compensation-linked behaviour change is the most reliable lever in workforce research, and her line is what board members will quote when challenged on transformation tempo.
Consider: HR and the AI-strategy lead should pre-cost what tying internal promotion criteria to demonstrated AI fluency would mean for the bank's job architecture, and surface that number in the next workforce-strategy paper — directionally, not as a commitment.
Netherlands & Sovereignty
Dutch cabinet opened public consultation on the EU AI Act national implementation law; the privacy authority becomes lead AI supervisor and the window closes 1 June. Authority
Signal: State Secretary Aerdts published the draft Implementation Act on 20 April with consultation closing 1 June 2026. The law designates the Autoriteit Persoonsgegevens as primary national AI supervisor for sectors lacking a dedicated regulator, supported by a dedicated AI officer and a coordinating role for the Rijksinspectie Digitale Infrastructuur.
Relevance: Once enacted, the bank's high-risk AI systems — credit scoring, fraud, AML — fall under explicit AP and RDI scope, and audit cost depends on how those bodies define their reach. The consultation window is the last cheap moment to shape that definition.
Consider: Regulatory affairs and AI governance leads should align with the Dutch Banking Association on a coordinated response naming AP supervisory-scope concerns before 1 June; peer Dutch banks are expected to file, and silence will be visible.
De Nederlandsche Bank is migrating its own infrastructure to a European cloud provider to cut US hyperscaler dependency. Authority
Signal: At Hannover Messe on 20 April, DNB confirmed migration to Schwarz Digits' Stackit — the cloud arm of the parent company of Lidl and Kaufland — explicitly to bring its data under European law rather than the US Cloud Act. The move follows the joint DNB-AFM October 2025 report on Dutch financial-sector US hyperscaler concentration.
Relevance: When the supervisor publicly migrates its own systems on sovereignty grounds, it is signalling what it expects supervised institutions to articulate next. The "wait and see" cloud-strategy posture loses its insulation; a no-choice answer will read as a choice.
Consider: The CIO and cloud-strategy leads should commission a one-page DNB read-across this month — what an exit posture from US hyperscalers would look like for the bank, what it would cost, and which workloads would qualify for a European alternative within twelve months.
Research
Four independent firms — McKinsey, Grant Thornton, Lenovo and MIT Sloan — converge this fortnight on the same finding: the limit on enterprise AI value is governance, data and operating-model design, not technology. Advisory
Signal: McKinsey Global Institute (30 April) puts the automation ceiling at 57% of US working hours and the 2030 prize from workflow redesign at $2.9 trillion, with hybrid roles the highest leverage. McKinsey Technology (23 April) finds 62% of organisations are experimenting with AI agents but fewer than 10% are scaling, with the gating constraint being governed data assets rather than model capability. Grant Thornton's 2026 AI Impact Survey (N=950 across ten industries, 100 in banking) reports 78% of executives say they could not pass an independent AI governance audit within ninety days, with only 52% of boards setting governance expectations alongside the AI investments they approved. Lenovo Technology Institute (N=6,000 across twelve countries) reports 70%+ use AI weekly with up to a third operating beyond IT oversight; MIT Sloan's controlled study (20 April) finds GenAI lifts top performers by ~15% but drags weaker ones by ~10%.
Relevance: Four data sets, four methods, one shape — the bottleneck has migrated from model capability to governance, data architecture and how work is organised. Expected value that depends on technology alone has just had its priors lowered by independent evidence.
Consider: The AI-strategy lead, CRO and CHRO should jointly commission a thirty-day audit-readiness pack — built to the Grant Thornton ninety-day frame — and a parallel role-by-role hybrid-work map against the McKinsey taxonomy, before the next board investment paper.
McKinsey: Human-AI Workforce | McKinsey: Tech Infrastructure for Agentic AI | Grant Thornton 2026 AI Impact Survey (publication date unverified) | Lenovo Technology Institute | MIT Sloan Management Review
On the radar
- AFM clarified algorithmic-trading AI obligations align with ESMA RTS 6 and named Q3 2026 validation reports for selected firms; trading and model-risk teams should confirm scope now. Autoriteit Financiële Markten
- The European Commission awarded €180m of cloud contracts to four European providers under its scored sovereignty framework; STACKIT, Scaleway and Mistral are now state-procurable references for vendor-sovereignty assessments. European Commission
- OpenAI ended seven years of Azure exclusivity and put GPT-5.5 on Amazon's Bedrock platform, flattening Microsoft's pricing leverage on the bank's next AI-credits negotiation. OpenAI
- Customers Bank signed a multi-year deal with OpenAI putting OpenAI engineers inside the bank to co-build lending, deposits and payments tools — a precedent European banks have resisted on dependency grounds. FinTech Global
- bunq launched embedded Bitcoin banking through a Banking-as-a-Service partnership with Blockrise, extending Dutch deposit-guarantee coverage into a digital-asset stack. Crowdfund Insider
- Bloomberg CTO Shawn Edwards described AI-agent moats as data consolidation and evaluation infrastructure rather than the model itself — a CxO frame for the bank's next agentic deployment review. Fortune